mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 13:11:00 +03:00 
			
		
		
		
	Bug fix for handling of custom headers
This commit is contained in:
		
							parent
							
								
									277a4fa402
								
							
						
					
					
						commit
						f1a3c81aec
					
				|  | @ -1071,7 +1071,7 @@ def _setSafeVisit(): | |||
|                     key, value = line.split(':', 1) | ||||
|                     value = value.strip() | ||||
|                     kb.safeReq.headers[key] = value | ||||
|                     if key == HTTP_HEADER.HOST: | ||||
|                     if key.upper() == HTTP_HEADER.HOST.upper(): | ||||
|                         if not value.startswith("http"): | ||||
|                             scheme = "http" | ||||
|                             if value.endswith(":443"): | ||||
|  | @ -1303,7 +1303,7 @@ def _setHTTPUserAgent(): | |||
|         _ = True | ||||
| 
 | ||||
|         for header, _ in conf.httpHeaders: | ||||
|             if header == HTTP_HEADER.USER_AGENT: | ||||
|             if header.upper() == HTTP_HEADER.USER_AGENT.upper(): | ||||
|                 _ = False | ||||
|                 break | ||||
| 
 | ||||
|  |  | |||
|  | @ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME | |||
| from lib.core.enums import OS | ||||
| 
 | ||||
| # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | ||||
| VERSION = "1.2.11.16" | ||||
| VERSION = "1.2.11.17" | ||||
| TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | ||||
| TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | ||||
| VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | ||||
|  |  | |||
|  | @ -346,7 +346,7 @@ def _setRequestParams(): | |||
|             # Url encoding of the header values should be avoided | ||||
|             # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value | ||||
| 
 | ||||
|             if httpHeader.title() == HTTP_HEADER.USER_AGENT: | ||||
|             if httpHeader.upper() == HTTP_HEADER.USER_AGENT.upper(): | ||||
|                 conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue) | ||||
| 
 | ||||
|                 condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES, True))) | ||||
|  | @ -355,7 +355,7 @@ def _setRequestParams(): | |||
|                     conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue} | ||||
|                     testableParameters = True | ||||
| 
 | ||||
|             elif httpHeader.title() == HTTP_HEADER.REFERER: | ||||
|             elif httpHeader.upper() == HTTP_HEADER.REFERER.upper(): | ||||
|                 conf.parameters[PLACE.REFERER] = urldecode(headerValue) | ||||
| 
 | ||||
|                 condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES, True))) | ||||
|  | @ -364,7 +364,7 @@ def _setRequestParams(): | |||
|                     conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue} | ||||
|                     testableParameters = True | ||||
| 
 | ||||
|             elif httpHeader.title() == HTTP_HEADER.HOST: | ||||
|             elif httpHeader.upper() == HTTP_HEADER.HOST.upper(): | ||||
|                 conf.parameters[PLACE.HOST] = urldecode(headerValue) | ||||
| 
 | ||||
|                 condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES, True))) | ||||
|  |  | |||
|  | @ -866,10 +866,10 @@ class Connect(object): | |||
|                 value = agent.replacePayload(value, payload) | ||||
|             else: | ||||
|                 # GET, POST, URI and Cookie payload needs to be thoroughly URL encoded | ||||
|                 if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and postUrlEncode: | ||||
|                 if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper()) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and postUrlEncode: | ||||
|                     skip = False | ||||
| 
 | ||||
|                     if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE: | ||||
|                     if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper(): | ||||
|                         if kb.cookieEncodeChoice is None: | ||||
|                             msg = "do you want to URL encode cookie values (implementation specific)? %s" % ("[Y/n]" if not conf.url.endswith(".aspx") else "[y/N]")  # Reference: https://support.microsoft.com/en-us/kb/313282 | ||||
|                             kb.cookieEncodeChoice = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N', boolean=True) | ||||
|  |  | |||
|  | @ -42,17 +42,17 @@ cada93357a7321655927fc9625b3bfec  lib/core/exception.py | |||
| 1e5532ede194ac9c083891c2f02bca93  lib/core/__init__.py | ||||
| 458a194764805cd8312c14ecd4be4d1e  lib/core/log.py | ||||
| 7d6edc552e08c30f4f4d49fa93b746f1  lib/core/optiondict.py | ||||
| d6dace6468ed5d2bbd500b0a244a9650  lib/core/option.py | ||||
| c6a8223fbc1dad784d4ae6377e737a97  lib/core/option.py | ||||
| c8c386d644d57c659d74542f5f57f632  lib/core/patch.py | ||||
| 6783160150b4711d02c56ee2beadffdb  lib/core/profiling.py | ||||
| 6f654e1715571eff68a0f8af3d62dcf8  lib/core/readlineng.py | ||||
| 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py | ||||
| a7db43859b61569b601b97f187dd31c5  lib/core/revision.py | ||||
| fcb74fcc9577523524659ec49e2e964b  lib/core/session.py | ||||
| 342e732d0772891804c7609578176997  lib/core/settings.py | ||||
| 3f8cf314028234cb8c60c66a915da2e2  lib/core/settings.py | ||||
| a971ce157d04de96ba6e710d3d38a9a8  lib/core/shell.py | ||||
| a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py | ||||
| 721198b5be72c8015a02acb116532a1f  lib/core/target.py | ||||
| 52642badbbca4c31a2fcdd754d67a983  lib/core/target.py | ||||
| 72d499ca8d792e90a1ebfb2ad2341a51  lib/core/testing.py | ||||
| cd0067d1798e45f422ce44b98baf57db  lib/core/threads.py | ||||
| c40758411bb0bd68764d78e0bb72bd0f  lib/core/unescaper.py | ||||
|  | @ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce  lib/parse/payloads.py | |||
| 30eed3a92a04ed2c29770e1b10d39dc0  lib/request/basicauthhandler.py | ||||
| 2b81435f5a7519298c15c724e3194a0d  lib/request/basic.py | ||||
| 859b6ad583e0ffba154f17ee179b5b89  lib/request/comparison.py | ||||
| d21e3452240ae3e59dfeb05fabc9ea14  lib/request/connect.py | ||||
| 0113525b321d0d35cf973a9cff34850a  lib/request/connect.py | ||||
| dd4598675027fae99f2e2475b05986da  lib/request/direct.py | ||||
| 2044fce3f4ffa268fcfaaf63241b1e64  lib/request/dns.py | ||||
| 98535d0efca5551e712fcc4b34a3f772  lib/request/httpshandler.py | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user